2 Detailed Summary of Technical Progress

As modern control systems become more complex, bugs in human designs become increasingly hard to detect by traditional methods such as simulation and prototype testing. The introduction of timing information into specifications makes analyzing such systems even more subtle. Thus there is a great need for formal methods for proving the correctness of real-time systems. A related topic of research is how to automatically generate provably correct real-time processes, thus bypassing the need for debugging and iterative design. The goals of this project are to develop computationally feasible automatic methods for the formal verification and synthesis of hard real-time systems.

In previous years, we have investigated algorithms based on generalizations of finite-state minimization for verification and the use of approximations of various kinds. We have also explored formalisms for supervisory synthesis under real-time constraints. In this, the final year of the project, we have focused our efforts on making approximation methods work for more realistic system designs. We have also invested considerable effort in generalizing our approximation techniques in the hope that they can be used in other domains.

Our current algorithm works by successive approximation. It proceeds in a sequence of forward and backward passes. In each pass, it maintains both an overapproximation and an underapproximation of the reachable state space. If no "bad states" appear in the overapproximation, the system is safe; if a bad state appears in the underapproximation, it is unsafe; in either case the verifier can halt immediately with the correct result. Otherwise, it reverses direction and refines the approximations to increase accuracy. Ultimately, the verifier will always halt with the correct result (unless it runs out of memory or the user runs out of patience). There are several novel ideas in the approximation scheme.
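The following Python program is an added illustration of the halting conditions just described; it is not code from the project's verifier. It runs the same successive-approximation loop over a finite transition system, using a partition of the states to build an overapproximation ("may" transitions: some state of a block has a successor in the target block) and an underapproximation ("must" transitions: every state of the block does). It differs from the verifier above in two respects: it has no timing component, and instead of reversing direction it refines the partition at the first block on the overapproximate path where the two approximations disagree, so it runs forward passes only. The toy system in toy_model is constructed for this example, and the names verify, abstract, split and toy_model are ours.

```python
from collections import deque


def reachable(succ, sources):
    """Forward reachability over a successor map {node: set(nodes)}."""
    seen, work = set(sources), deque(sources)
    while work:
        s = work.popleft()
        for t in succ.get(s, ()):
            if t not in seen:
                seen.add(t)
                work.append(t)
    return seen


def abstract(trans, blocks):
    """Abstract the system over a partition.  'may' (some state of the block has a
    successor in the target block) over-approximates the concrete transitions;
    'must' (every state of the block has one there) under-approximates them."""
    idx = {s: b for b, blk in enumerate(blocks) for s in blk}
    may, must = {}, {}
    for b, blk in enumerate(blocks):
        per_state = [{idx[t] for t in trans.get(s, ())} for s in blk]
        may[b] = set().union(*per_state)
        must[b] = set.intersection(*per_state)   # blocks are never empty
    return idx, may, must


def split(blocks, idx, trans, b):
    """Refine block b: states whose successors fall into different sets of
    blocks are separated into different blocks."""
    groups = {}
    for s in blocks[b]:
        key = frozenset(idx[t] for t in trans.get(s, ()))
        groups.setdefault(key, set()).add(s)
    return blocks[:b] + [frozenset(g) for g in groups.values()] + blocks[b + 1:]


def verify(states, trans, init, bad):
    """Successive approximation.  Each pass computes an over- and an under-
    approximation of the reachable set: no bad block in the former proves safety,
    a bad block in the latter proves a violation, otherwise the partition is
    refined.  Returns (verdict, number of passes, number of blocks at the end)."""
    # init, bad and everything else start in separate blocks, so no block ever
    # straddles the bad set and a bad block really is made of bad states only
    blocks = [frozenset(g) for g in (init - bad, bad, states - init - bad) if g]
    passes = 0
    while True:
        passes += 1
        idx, may, must = abstract(trans, blocks)
        init_blocks = {idx[s] for s in init}
        bad_blocks = {idx[s] for s in bad}
        over = reachable(may, init_blocks)
        if not (over & bad_blocks):
            return "safe", passes, len(blocks)
        if reachable(must, init_blocks) & bad_blocks:
            return "unsafe", passes, len(blocks)
        # some block on the over-approximate path disagrees, otherwise the two
        # approximations would coincide and one of the tests above would have fired
        b = next(b for b in over if may[b] != must[b])
        blocks = split(blocks, idx, trans, b)


def toy_model(init_d, n=100):
    """Constructed example system (not from the report).  States are (pc, d) with
    pc in 0..3 and d in 0..n-1.  pc 0 and 1 step forward while scrambling d, pc 2
    idles, except that (2, 5) leaks into pc 3, the bad control state.  Whether
    the leak is reachable depends only on the initial value of d."""
    trans = {}
    for d in range(n):
        trans[(0, d)] = {(1, (7 * d + 1) % n)}
        trans[(1, d)] = {(2, (7 * d + 1) % n)}
        trans[(2, d)] = {(2, d)}
    trans[(2, 5)] = {(3, 5)}
    states = {(pc, d) for pc in range(4) for d in range(n)}
    bad = {(3, d) for d in range(n)}
    return states, trans, {(0, init_d)}, bad
```

On the constructed model, verify(*toy_model(0)) reports the 400-state system safe after four passes with a final partition of only six blocks, because the scrambled data value never needs to be tracked exactly except along the one path that leads toward the leak. verify(*toy_model(53)) reports it unsafe after three passes with five blocks: the bad block is reached through must transitions before the partition is anywhere near fully refined, which is the early-halt case for the underapproximation.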

The verifier uses a hybrid symbolic representation of the state space: sets of difference constraints of the form x - y < c, where x and y are clocks and c is an integer, represent timing, and a binary decision diagram represents sets of control states (but not the timing).

This year, we have cleaned up the implementation of our verifier and improved its efficiency significantly. We added "invariants" to states, which allow us to express upper bounds as well as lower bounds on delays (a state must be left before its invariant is violated). Also, we have added "urgent" actions, which happen as soon as they are enabled, so no time elapses while an urgent action is enabled.
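The timing representation described above, together with the invariants and urgent actions added this year, can be made concrete with a small added example. The Python code below is not the verifier's code: it implements the standard difference bound matrix (DBM) operations over constraints of the form x_i - x_j < c or x_i - x_j <= c, with a reference clock x_0 = 0 standing for the constant side of single-clock bounds, and uses them to compute zone successors: letting time elapse inside a location invariant (the upper bound on delay), intersecting with an edge guard (the lower bound), and resetting clocks. An edge marked urgent is taken with no delay at all, which is what urgency amounts to when the guard already holds on entry to the location; the general case, where time may pass until the guard first becomes true, is not handled here. The two-clock scenario in demo is constructed for this example, the names DBM, successor and demo are ours, and the control-state BDD of the verifier is omitted: the DBM stands in for the timing part of one symbolic state.

```python
from math import inf

INF = (inf, False)   # "no constraint": xi - xj < infinity


def add(a, b):
    """Sum of two bounds (c, strict); the sum is strict if either summand is."""
    if a[0] == inf or b[0] == inf:
        return INF
    return (a[0] + b[0], a[1] or b[1])


def tighter(a, b):
    """True if bound a is strictly tighter than b: smaller c, or equal c but strict."""
    if a[0] != b[0]:
        return a[0] < b[0]
    return a[1] and not b[1]


class DBM:
    """Difference bound matrix over clocks x1..xn and the reference clock x0 == 0.
    m[i][j] = (c, strict) encodes xi - xj <= c, or xi - xj < c when strict is set."""

    def __init__(self, n):
        self.n = n
        self.m = [[INF] * (n + 1) for _ in range(n + 1)]
        for i in range(n + 1):
            self.m[i][i] = (0, False)
        for i in range(1, n + 1):
            self.m[0][i] = (0, False)       # x0 - xi <= 0: clocks are non-negative

    def copy(self):
        d = DBM(self.n)
        d.m = [row[:] for row in self.m]
        return d

    def constrain(self, i, j, c, strict=False):
        """Intersect with xi - xj <(=) c."""
        if tighter((c, strict), self.m[i][j]):
            self.m[i][j] = (c, strict)
        return self

    def canonical(self):
        """Floyd-Warshall closure: every entry becomes the tightest implied bound."""
        n = self.n + 1
        for k in range(n):
            for i in range(n):
                for j in range(n):
                    via = add(self.m[i][k], self.m[k][j])
                    if tighter(via, self.m[i][j]):
                        self.m[i][j] = via
        return self

    def is_empty(self):
        """Unsatisfiable iff the closure yields xi - xi < 0 (a negative cycle)."""
        self.canonical()
        return any(tighter(self.m[i][i], (0, False)) for i in range(self.n + 1))

    def elapse(self):
        """Let time pass: drop every upper bound xi - x0 <= c.  Needs a canonical DBM,
        otherwise implied relations such as x - y = 0 are lost with the bounds."""
        for i in range(1, self.n + 1):
            self.m[i][0] = INF
        return self

    def reset(self, i):
        """xi := 0 in a canonical DBM: xi inherits the bounds of the reference clock."""
        for j in range(self.n + 1):
            self.m[i][j] = self.m[0][j]
            self.m[j][i] = self.m[j][0]
        self.m[i][i] = (0, False)
        return self


def successor(zone, invariant, guard, resets, urgent=False):
    """Zone successor through one edge.  Constraints are (i, j, c, strict) tuples for
    xi - xj <(=) c.  Non-urgent: time elapses inside the source invariant first;
    urgent: the edge fires with no delay.  Returns None when the guard cannot be met."""
    z = zone.copy().canonical()
    if not urgent:
        z.elapse()
        for i, j, c, s in invariant:
            z.constrain(i, j, c, s)
    for i, j, c, s in guard:
        z.constrain(i, j, c, s)
    if z.is_empty():
        return None
    for i in resets:                # is_empty() left z canonical, as reset() requires
        z.reset(i)
    return z.canonical()


def demo():
    """Constructed scenario (not from the report): clocks X and Y start at 0 in a
    location with invariant x <= 5 and an outgoing edge guarded by x >= 3."""
    X, Y = 1, 2
    init = DBM(2).constrain(X, 0, 0).constrain(Y, 0, 0)      # x = y = 0
    inv_a = [(X, 0, 5, False)]                               # x - x0 <= 5
    guard = [(0, X, -3, False)]                              # x0 - x <= -3, i.e. x >= 3
    z1 = successor(init, inv_a, guard, resets=[Y])           # 3 <= x <= 5, y = 0
    z2 = successor(z1, [], guard, resets=[X], urgent=True)   # no delay: x = y = 0
    z2_lazy = successor(z1, [], guard, resets=[X])           # same edge, lazily: y unbounded
    bad = successor(z1, [(Y, 0, 1, False)], [(0, X, -7, False)], [])  # x >= 7 while y <= 1
    return z1, z2, z2_lazy, bad
```

In demo, z1 shows the two kinds of delay bound interacting: the invariant caps the stay at x <= 5 and the guard requires x >= 3, so the successor zone is 3 <= x <= 5 with y freshly reset. The urgent and lazy successors differ only in whether elapse() runs: the urgent one keeps y at 0, the lazy one leaves y unbounded because no invariant restricts the stay. The last call is the bad-state check for a zone: x >= 7 is unreachable while y <= 1 because x - y <= 5 is carried in the matrix, and Floyd-Warshall exposes the contradiction as a negative diagonal entry.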

We are now consistently able to handle all of the examples we set out to do, including the difficult Ethernet example of Weinberg and Zuck (from the CONCUR 92 conference).

In addition, we have an algorithm for handling "skewed clock automata," which allow timers that increase at variable rates, where only upper and lower bounds on the rates are known. We have found a restricted but useful class of these automata which can be analyzed exactly by converting into ordinary timed automata. Using this result, we were able to verify completely automatically a protocol for "Manchester encoding" that was previously done by hand using timed automata.
Most of these results are contained in Howard Wong-Toi's PhD thesis, which will be completed within a month.
5 Software prototypes

We have a prototype of the approximation-based verifier for timed automata, along with various examples.